[Samba] multiple levels of group permissions on some folders in a share

[TAKAHASHI Motonobu]

From: "Harondel J. Sibble" <help at pdscc.com>
Date: Thu, 11 Aug 2011 08:57:41 -0700

> trying to figure out the best way to accomplish this, running samba 3.x on a 
> debian system in share level mode (workgroup)
>
> have a shared folder for all the staff that they have permssions to by 
> membership of being in the "staff" group, this share has about 40-50 
> subfolders.

(snip)

> What's the best way to allow them access to the 5 folders without allowing 
> them to get access to the other 45 or so folders?

(snip)

> I could create a new share for each folder, but if they decide to expand the 
> list of allowed folders, that gets clunky.

What does your "clunky" mean? Creating 5 new shares is most easy
solution I think.

Instead if you can use ACL, you can create a group, make interns
belong to the group and add ACL entries to the 5 folders only,
which allow access to the group. Setting "hide unreadable = yes" other
45 folders cannot be seen by interns.

> So I created a new share for the intern and symlinked the 5 subfolders which 
> they can see just fine, but they get a permission denied which makes
> sense since the intern account is not part of larger group with
> access to the 5 folders in question.

Setting chmod o+rwx to the 5 folders is a way I think.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>